About the product

Contact Support

Submit a sample

Technical Details

Trojan-PSW:W32/Sinowal.CP drops and loads a password stealing component on the infected system and tries to steal account information from it. It also tries to steal information that is required to access certain online banks' and online payment systems' websites.

Passwords and other data stored from FTP clients such as Trellian FTP, WS_FTP, Total Commander, Crystal FTP Pro and GlobalSCAPE

It also monitors web browsers such as Internet Explorer, Firefox, and Mozilla for online banking information upon access to the following banking sites:

banking.raiffeisen.at

bankingportal.naspa.de

cib.ibanking-services.com

ykb.teleweb.com.tr

This trojan may also collect certificates from system certificate storage and export certificate stores found. This is done through the PFXExportCertStore function of CRYPT32.DLL, which exports certificates and associated private keys if available.It may also steal system information, such as IP, port number, operating system and send it along with the other stolen information through a POST command on the following sites: